Re: text extension to CSR

You cannot just add a random String to a Certificate Signing Request
(CSR); it must either be a standard extension, or you need to define
your own Object Identifier (OID) for a custom extension, add the
String as an attribute within that custom extension, and finally add
the custom extension to the CSR.

Have you reviewed RFC 5280 to determine if what you want is already
defined as a standard extension supported by BC?

You can also consider looking at the source-code of EJBCA, an open-
source PKI software that uses BC and which has implemented all the
standard extensions defined in RFC 5280.

Arshad Noor
StrongAuth, Inc.

On 2/20/2013 2:45 AM, Oyuntungalag Chagnaadorj wrote:
> Dear all,
> I'm new to Bouncycastle. I want to add String data to Certificate Sender
> Request. And get that string on certificate issuer side.
> How to do that.
> Is there any tutorial or anything on the Internet? I found David Cook's
> book. But, sample codes are for older version of Bouncycastle, I guess.
> Please, help.

In chapter 3. They don't currently discuss extra values, but they will
at least give you some idea about where to look.

Regards,

David

On 20/02/13 22:40, Arshad Noor wrote:

> You cannot just add a random String to a Certificate Signing Request
> (CSR); it must either be a standard extension, or you need to define
> your own Object Identifier (OID) for a custom extension, add the
> String as an attribute within that custom extension, and finally add
> the custom extension to the CSR.
>
> Have you reviewed RFC 5280 to determine if what you want is already
> defined as a standard extension supported by BC?
>
> You can also consider looking at the source-code of EJBCA, an open-
> source PKI software that uses BC and which has implemented all the
> standard extensions defined in RFC 5280.
>
> Arshad Noor
> StrongAuth, Inc.
>
> On 2/20/2013 2:45 AM, Oyuntungalag Chagnaadorj wrote:
>> Dear all,
>> I'm new to Bouncycastle. I want to add String data to Certificate Sender
>> Request. And get that string on certificate issuer side.
>> How to do that.
>> Is there any tutorial or anything on the Internet? I found David Cook's
>> book. But, sample codes are for older version of Bouncycastle, I guess.
>> Please, help.
>